this post was submitted on 18 Jun 2023
16 points (100.0% liked)

Privacy Guides

16749 readers
1 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
top 14 comments
sorted by: hot top controversial new old
[–] sysadmin@lemmy.world 11 points 1 year ago (1 children)

Pro is a little bit better because of features like Bitlocker. A lot better would be Education/Enterprise variant. You'd need special licenses for running enterprise I think. There are also registry hacks that would give you some protection against telemetry (I personally haven't done this).

Privacy-wise though, any "windows" is going to fare lower than linux is what I'd say. Wait for others in the sub for more insights.

[–] chaoschorus@lemmy.one 1 points 1 year ago

If using bitlocker be sure to note down the key for it, one bad crash and your drive is a good as dead.

[–] sysadmin@lemmy.world 10 points 1 year ago* (last edited 1 year ago) (2 children)

If you're already on a Linux-based operating system, and you gotta run a real instance of Windows for some reason, your safest bet from both a security and privacy standpoint is to run it in a virtual machine (I like VirtualBox, personally, but VMWare, or whatever else will do the job fine also) and firewall the hell out of it. In a virtual machine, you can totally lock it down as much or as little as you need for the task at hand, and ain't a damned thing Windows itself can really do about it, and as an added bonus, it saves you from the required reboots of dual-booting. It's confined to a "safe space" (until you start opening enabling network stuff and opening ports to it). You're in control.

edit: or QEMU/KVM (with virt-manager)

[–] Gatsby@lemm.ee 3 points 1 year ago

And if you spend a bit of time with it, you can even pass a graphics card to the VM if you're limited by the VM's specs.

As well as having a dual boot partition or drive but opening it in a VM when you can split resources or dual boot when you need the full system

[–] constantokra@lemmy.one 1 points 1 year ago

Gnu boxes makes it pretty easy. Use the VM behind a VPN and don't allow access to your host. You can just mount the virtual volume to share any data you need to back and forth.

[–] starchturrets@feddit.de 6 points 1 year ago* (last edited 1 year ago)

If I remember correctly, Pro should give you access to group policies (making configuration a tad less painful compared to fiddling in the registry), stuff such as Windows Sandbox/MDAG (basically, throwaway VMs you can run executables/Edge in), as well as Bitlocker encryption.

You cannot turn off required diagnostics on Windows 11 Home or Pro. You can see it yourself by firing up a Windows Pro or Home VM, editing the relevant setting in the registry or group policy, then taking a look at wireshark traffic - you should still see traffic to telemetry endpoints that Microsoft has listed in their documentation. This confirms what their documentation already says about this setting:

This is only available on Windows Server, Windows Enterprise, and Windows Education editions.

This also applies to many third party tools which claim to stop windows telemetry. Since I'm reasonably sure they work by editing the registry, they would be no more effective than simply turning off optional diagnostics in the GUI. So you end up giving yet another random app admin access for no real gain.

That being said, imo the required OS diagnostics Windows collects tends to be pretty basic in comparison to all the FUD that's spread about it being a literal backdoor. You can see for yourself by opening the diagnostic data viewer app and seeing what info is there.

The other main problems (at least from my fiddling around in a VM with mitmproxy and wireshark as well as reading various articles) are:

  • Windows Spotlight sending back similar data compared to required diagnostics - but if you're on Home/Pro where you can't turn it off anyways, this is irrelevant.

  • Forced Microsoft Login with a lot of cloud syncing stuff opted in by default - bypassable, but is somewhat troublesome. You can also just select the domain join option when installing Windows Pro to get around this.

  • Bing start menu search (needs a group policy or regedit to disable).

  • Edge's optional features and Windows Security's Smartscreen constantly leaking stuff such as browsing history (these can be disabled easily enough, fwiw).

Edit: I just realized you were talking about 10 and not 11, still, a lot of what I wrote about diagnostic data is applicable to both of them.

Talking from experience when it comes to privacy on Windows I recommend looking into:

https://privacy.sexy

I know domain looks kind fishy but you can Inspect generated script yourself before running. Also you can Customize it to only include things you want.

[–] sysadmin@lemmy.world 3 points 1 year ago (1 children)

Really you'd have to fire up Wireshark and see what telemetry Windows was blabbing away behind your back. Analysing those logs can be a tedious business, especially as you'd need a large dataset.

Thing with just about any tech related question posted is likely some geek will have done the heavy lifting for you already. Here is a nice start:

https://www.zdnet.com/article/windows-10-and-telemetry-time-for-a-simple-network-analysis/

Here is another one:

https://www.comparitech.com/blog/information-security/windows-10-data/

That's logs required to be collected, doesn't say whether or not the data is sent back to Windows. Best assume yes.

Course, all that proprietary software will have a voluminous licence agreement that nobody reads. They'll collect as much data as they can to "maximise user experience" or whatever rubbish.

[–] MigratingtoLemmy@lemmy.world 1 points 1 year ago

Could one mirror the traffic from the VM into Suricata/Snort to analyse it? Although if it were to be HTTPS traffic I doubt these or Wireshark would be able to do anything about them. The only alternative remains is to run a MiTM proxy in your network, which is a bit more advanced

[–] unfazedbeaver@lemmy.one 3 points 1 year ago* (last edited 1 year ago)

Just wanna take a moment to let people know about a very, very good and reputable tool for privacy and windows. Honestly, it should be on the privacy guides website imho.

Linux is better, but if you have to use Windows, there is the Chris Titus Tech tool available. You can set power-user privacy options easily, massively debloat your windows installation, install programs, and easily set your update settings to security only, if that is what you want.

It's also freaky easy to use, and comes from one of the foremost minds in the tech world today.

https://christitus.com/windows-tool/

[–] Vexz@feddit.de 1 points 1 year ago

Afaik there's some telemetry stuff you cannot turn off with the Home edition but you can with Pro. Not sure though if W10Privacy can disable that telemetry anyway.

[–] ADL@lemmy.ml 1 points 1 year ago

I really wish people would stop making perfection the enemy of good when Windows comes up in any capacity on here. We all know Windows sucks for privacy but for certain users and industries it's still quite mandatory so answer the damn question and provide resources to make it as least intrusive as possible.

[–] BrikoX@vlemmy.net 1 points 1 year ago* (last edited 1 year ago)

Pro offers more control if you don't mind following some guides or enjoy tinkering. Whichever option you choose consider running https://github.com/crazy-max/WindowsSpyBlocker.

load more comments
view more: next ›